The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imp | imp | 2.0.10 |
| imp | imp | 2.2_pre10 |
| imp | imp | 2.2_pre9 |
| imp | imp | 2.0.9 |
| imp | imp | 2.0.11 |
IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imp | imp | 2.2_pre12 |
| imp | imp | 2.0.10 |
| imp | imp | 2.2_pre10 |
| imp | imp | 2.2_pre9 |
| imp | imp | 2.2_pre11 |
| imp | imp | 2.0.9 |
| imp | imp | 2.0.11 |
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imp | webmail | * |